Nixpkgs security tracker

Permalink CVE-2025-24022

8.6 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

iTop server vulnerable to portal code injection

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

References

https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j x_refsource_CONFIRM
https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd x_refsource_MISC
https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e x_refsource_MISC
https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b x_refsource_MISC

Affected products

iTop

==>= 3.2.0, < 3.2.1
==< 2.7.12
==>= 3.0.0, < 3.1.3

Matching in nixpkgs

pkgs.nvitop

Interactive NVIDIA-GPU process viewer, the one-stop solution for GPU process management

nixos-unstable 1.5.2
- nixpkgs-unstable 1.5.2
- nixos-unstable-small 1.5.2
nixos-25.11 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.psitop

Top for /proc/pressure

nixos-unstable 1.1.3
- nixpkgs-unstable 1.1.3
- nixos-unstable-small 1.1.3
nixos-25.11 1.1.3
- nixpkgs-25.11-darwin 1.1.3

pkgs.gitopper

Gitops for non-Kubernetes folks

nixos-unstable 0.0.20
- nixpkgs-unstable 0.0.20
- nixos-unstable-small 0.0.20
nixos-25.11 0.0.20
- nixpkgs-25.11-darwin 0.0.20

pkgs.weave-gitops

Weave Gitops CLI

nixos-unstable 0.38.0
- nixpkgs-unstable 0.38.0
- nixos-unstable-small 0.38.0
nixos-25.11 0.38.0
- nixpkgs-25.11-darwin 0.38.0

pkgs.luaPackages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3
nixos-25.11 1.0.2-3
- nixpkgs-25.11-darwin 1.0.2-3

pkgs.lua51Packages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3
nixos-25.11 1.0.2-3
- nixpkgs-25.11-darwin 1.0.2-3

pkgs.luajitPackages.luabitop

Lua Bit Operations Module

nixos-unstable 1.0.2-3
- nixpkgs-unstable 1.0.2-3
- nixos-unstable-small 1.0.2-3
nixos-25.11 1.0.2-3
- nixpkgs-25.11-darwin 1.0.2-3

pkgs.tailscale-gitops-pusher

Allows users to use a GitOps flow for managing Tailscale ACLs

nixos-unstable 1.86.2
- nixpkgs-unstable 1.86.2
- nixos-unstable-small 1.86.2
nixos-25.11 1.90.9
- nixpkgs-25.11-darwin 1.90.9

pkgs.python312Packages.anitopy

Python library for parsing anime video filenames

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.python313Packages.anitopy

Python library for parsing anime video filenames

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixpkgs-25.11-darwin 2.1.1

Package maintainers

@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@figsoda figsoda <figsoda@pm.me>
@PassiveLemon PassiveLemon <jeremyseber@gmail.com>
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
@blitz Julian Stecklina <js@alien8.de>
@xanderio Alexander Sieg <alex@xanderio.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.nvitop

pkgs.psitop

pkgs.gitopper

pkgs.weave-gitops

pkgs.luaPackages.luabitop

pkgs.lua51Packages.luabitop

pkgs.luajitPackages.luabitop

pkgs.tailscale-gitops-pusher

pkgs.python312Packages.anitopy

pkgs.python313Packages.anitopy

Package maintainers